Cisco FirePOWER ASA 5500 series Configuration Manual page 79

Chapter 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
You can configure up to five VLANs with the Security Plus license. You can configure three VLAN
interfaces for normal traffic, one VLAN interface for failover, and one VLAN interface as a backup link
to your ISP. The backup link to the ISP must be identified by the backup interface command. The
backup interface does not pass through traffic unless the default route through the primary interface fails.
To ensure that traffic can pass over the backup interface in case the primary fails, be sure to configure
default routes on both the primary and backup interfaces so that the backup interface can be used when
the primary fails. For example, you can configure two default routes: one for the primary interface with
a lower administrative distance, and one for the backup interface with a higher distance. To configure
dual ISP support, see the
To name the interface, enter the following command:
Step 4
hostname(config-if)# nameif name
The name is a text string up to 48 characters, and is not case-sensitive. You can change the name by
reentering this command with a new value. Do not enter the no form, because that command causes all
commands that refer to that name to be deleted.
To set the security level, enter the following command:
Step 5
hostname(config-if)# security-level number
Where number is an integer between 0 (lowest) and 100 (highest).
Step 6 (Routed mode only) To set the IP address, enter one of the following commands.
Note
• To set the IP address manually, enter the following command:
hostname(config-if)# ip address ip_address [mask] [standby ip_address]
The standby keyword and address is used for failover. See
more information.
• To obtain an IP address from a DHCP server, enter the following command:
hostname(config-if)# ip address dhcp [setroute]
Reenter this command to reset the DHCP lease and request a new lease.
If you do not enable the interface using the no shutdown command before you enter the ip address
dhcp command, some DHCP requests might not be sent.
To obtain an IP address from a PPPoE server, see
•
(Optional) To assign a private MAC address to this interface, enter the following command:
Step 7
hostname(config-if)# mac-address mac_address [standby mac_address]
OL-10088-01
"Configuring Static Route Tracking" section on page
To set an IPv6 address, see the
To set the management IP address for transparent firewall mode, see the
Management IP Address for a Transparent Firewall" section on page
you do not set the IP address for each interface, but rather for the whole adaptive security
appliance or context.
For failover, you must set the IP address an standby address manually; DHCP and PPPoE are not
supported.
"Configuring IPv6 on an Interface" section on page
Chapter 14, "Configuring Failover,"
Chapter 35, "Configuring the PPPoE Client."
Cisco Security Appliance Command Line Configuration Guide
Configuring VLAN Interfaces
9-3.
12-3.
"Setting the
8-5. In transparent mode,
for
4-7